./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4217094364
<...>
Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
execve("./syz-executor4217094364", ["./syz-executor4217094364"], 0x7fff3c3e7ea0 /* 10 vars */) = 0
brk(NULL) = 0x55555745e000
brk(0x55555745ec40) = 0x55555745ec40
arch_prctl(ARCH_SET_FS, 0x55555745e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4217094364", 4096) = 28
brk(0x55555747fc40) = 0x55555747fc40
brk(0x555557480000) = 0x555557480000
mprotect(0x7fd0dba9e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/profiling", O_RDWR|O_EXCL|O_TRUNC|O_NONBLOCK|O_SYNC|O_NOATIME) = 3
[ 52.742952][ T5067] kernel profiling enabled (shift: 0)
[ 52.831624][ C0] ==================================================================
[ 52.839704][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa8/0xe0
[ 52.846804][ C0] Read of size 8 at addr ffffc90003b4f100 by task syz-executor421/5067
[ 52.855015][ C0]
[ 52.857319][ C0] CPU: 0 PID: 5067 Comm: syz-executor421 Not tainted 6.3.0-rc3-syzkaller-00012-g17214b70a159 #0
[ 52.867701][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 52.877730][ C0] Call Trace:
[ 52.880990][ C0]
[ 52.883817][ C0] dump_stack_lvl+0x1e7/0x2d0
[ 52.888481][ C0] ? irq_work_queue+0xca/0x150
[ 52.893227][ C0] ? nf_tcp_handle_invalid+0x650/0x650
[ 52.898662][ C0] ? panic+0x770/0x770
[ 52.902706][ C0] ? _printk+0xd5/0x120
[ 52.906840][ C0] print_report+0x163/0x540
[ 52.911323][ C0] ? __raise_softirq_irqoff+0x95/0x190
[ 52.916760][ C0] ? __virt_addr_valid+0xbd/0x2e0
[ 52.921765][ C0] ? profile_pc+0xa8/0xe0
[ 52.926076][ C0] kasan_report+0x176/0x1b0
[ 52.930557][ C0] ? profile_pc+0xa8/0xe0
[ 52.934868][ C0] ? scheduler_tick+0x387/0x540
[ 52.939702][ C0] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 52.945574][ C0] profile_pc+0xa8/0xe0
[ 52.949708][ C0] profile_tick+0xd8/0x130
[ 52.954099][ C0] tick_sched_timer+0x394/0x550
[ 52.958926][ C0] ? tick_setup_sched_timer+0x2e0/0x2e0
[ 52.964453][ C0] __hrtimer_run_queues+0x562/0xd10
[ 52.969635][ C0] ? hrtimer_interrupt+0x980/0x980
[ 52.974726][ C0] ? ktime_get_update_offsets_now+0x40b/0x420
[ 52.980770][ C0] hrtimer_interrupt+0x396/0x980
[ 52.985691][ C0] __sysvec_apic_timer_interrupt+0x13f/0x480
[ 52.991652][ C0] sysvec_apic_timer_interrupt+0x90/0xb0
[ 52.997263][ C0]
[ 53.000172][ C0]
[ 53.003084][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 53.009045][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[ 53.015526][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 6e fb 35 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 d3 29 b4 f6 65 8b 05 24 91 59 75 85 c0 74 3f 48 c7 04 24 0e 36
[ 53.035107][ C0] RSP: 0018:ffffc90003b4f100 EFLAGS: 00000206
[ 53.041150][ C0] RAX: da87b607d95a0c00 RBX: 1ffff92000769e24 RCX: ffffffff816a859a
[ 53.049098][ C0] RDX: dffffc0000000000 RSI: ffffffff8aea7d60 RDI: 0000000000000001
[ 53.057047][ C0] RBP: ffffc90003b4f190 R08: dffffc0000000000 R09: fffffbfff205c039
[ 53.064994][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 53.072943][ C0] R13: 1ffff92000769e20 R14: ffffc90003b4f120 R15: 0000000000000246
[ 53.080891][ C0] ? mark_lock+0x9a/0x340
[ 53.085199][ C0] ? _raw_spin_unlock+0x40/0x40
[ 53.090042][ C0] ? __mod_zone_page_state+0xda/0x140
[ 53.095392][ C0] __rmqueue_pcplist+0x1e71/0x2190
[ 53.100596][ C0] ? zone_watermark_fast+0x240/0x240
[ 53.105878][ C0] get_page_from_freelist+0x791/0x33c0
[ 53.111331][ C0] ? __might_sleep+0xc0/0xc0
[ 53.115906][ C0] ? __lock_acquire+0x125b/0x1f80
[ 53.120914][ C0] ? __alloc_pages+0x670/0x670
[ 53.125655][ C0] ? prepare_alloc_pages+0x1d9/0x5b0
[ 53.130927][ C0] __alloc_pages+0x255/0x670
[ 53.135503][ C0] ? zone_statistics+0x170/0x170
[ 53.140420][ C0] ? do_raw_spin_lock+0x14d/0x3a0
[ 53.145433][ C0] ? alloc_pages+0x510/0x780
[ 53.150000][ C0] __get_free_pages+0xc/0x30
[ 53.154569][ C0] kasan_populate_vmalloc_pte+0x2e/0xd0
[ 53.160096][ C0] ? __apply_to_page_range+0x9b3/0xcc0
[ 53.165534][ C0] __apply_to_page_range+0x9c5/0xcc0
[ 53.170799][ C0] ? kasan_populate_vmalloc+0x70/0x70
[ 53.176152][ C0] alloc_vmap_area+0x1acc/0x1c00
[ 53.181070][ C0] ? vm_map_ram+0xb30/0xb30
[ 53.185551][ C0] __get_vm_area_node+0x16e/0x370
[ 53.190554][ C0] __vmalloc_node_range+0x3a2/0x12f0
[ 53.195817][ C0] ? profile_init+0xee/0x130
[ 53.200386][ C0] ? __alloc_pages+0xbd/0x670
[ 53.205041][ C0] ? __asan_memset+0x23/0x40
[ 53.209609][ C0] ? __alloc_pages+0xbd/0x670
[ 53.214265][ C0] ? free_vm_area+0x50/0x50
[ 53.218748][ C0] ? profile_init+0xee/0x130
[ 53.223313][ C0] ? sysfs_kf_read+0x310/0x310
[ 53.228058][ C0] vzalloc+0x79/0x90
[ 53.231932][ C0] ? profile_init+0xee/0x130
[ 53.236508][ C0] profile_init+0xee/0x130
[ 53.240916][ C0] profiling_store+0x5e/0xc0
[ 53.245488][ C0] kernfs_fop_write_iter+0x3a6/0x4f0
[ 53.250771][ C0] vfs_write+0x7b2/0xbb0
[ 53.255000][ C0] ? file_end_write+0x250/0x250
[ 53.259834][ C0] ? lockdep_hardirqs_on+0x98/0x140
[ 53.265012][ C0] ? __fdget_pos+0x265/0x2f0
[ 53.269580][ C0] ksys_write+0x1a0/0x2c0
[ 53.273889][ C0] ? __ia32_sys_read+0x90/0x90
[ 53.278633][ C0] ? syscall_enter_from_user_mode+0x32/0x260
[ 53.284592][ C0] ? syscall_enter_from_user_mode+0x8c/0x260
[ 53.290550][ C0] do_syscall_64+0x41/0xc0
[ 53.294960][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.300833][ C0] RIP: 0033:0x7fd0dba31da9
[ 53.305226][ C0] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.324806][ C0] RSP: 002b:00007ffe6ddccd08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.333198][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd0dba31da9
[ 53.341159][ C0] RDX: 0000000000000012 RSI: 0000000020000040 RDI: 0000000000000003
[ 53.349110][ C0] RBP: 00007fd0db9f5cc0 R08: 0000000000000012 R09: 0000000000000000
[ 53.357057][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0db9f5d50
[ 53.365004][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 53.372957][ C0]
[ 53.375954][ C0]
[ 53.378255][ C0] The buggy address belongs to stack of task syz-executor421/5067
[ 53.386026][ C0] and is located at offset 0 in frame:
[ 53.391538][ C0] _raw_spin_unlock_irqrestore+0x0/0x140
[ 53.397152][ C0]
[ 53.399454][ C0] This frame has 1 object:
[ 53.403839][ C0] [32, 40) 'flags.i.i.i.i'
[ 53.403847][ C0]
[ 53.410614][ C0] The buggy address belongs to the virtual mapping at
[ 53.410614][ C0] [ffffc90003b48000, ffffc90003b51000) created by:
[ 53.410614][ C0] copy_process+0x5bd/0x3fc0
[ 53.428205][ C0]
[ 53.430507][ C0] The buggy address belongs to the physical page:
[ 53.436903][ C0] page:ffffea0001e02780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7809e
[ 53.447036][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 53.454123][ C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 53.462678][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 53.471231][ C0] page dumped because: kasan: bad access detected
[ 53.477613][ C0] page_owner tracks the page as allocated
[ 53.483297][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 4895, tgid 4895 (dhcpcd-run-hook), ts 40549067249, free_ts 40529428505
[ 53.502724][ C0] get_page_from_freelist+0x3246/0x33c0
[ 53.508268][ C0] __alloc_pages+0x255/0x670
[ 53.512837][ C0] __vmalloc_node_range+0x959/0x12f0
[ 53.518096][ C0] dup_task_struct+0x3e5/0x750
[ 53.522838][ C0] copy_process+0x5bd/0x3fc0
[ 53.527403][ C0] kernel_clone+0x222/0x800
[ 53.531900][ C0] __x64_sys_clone+0x235/0x280
[ 53.536639][ C0] do_syscall_64+0x41/0xc0
[ 53.541033][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.546903][ C0] page last free stack trace:
[ 53.551548][ C0] free_unref_page_prepare+0xe2f/0xe70
[ 53.556982][ C0] free_unref_page_list+0x596/0x830
[ 53.562154][ C0] release_pages+0x219e/0x2470
[ 53.566891][ C0] tlb_flush_mmu+0x100/0x210
[ 53.571460][ C0] tlb_finish_mmu+0xd4/0x1f0
[ 53.576029][ C0] exit_mmap+0x2c9/0x850
[ 53.580245][ C0] __mmput+0x115/0x3c0
[ 53.584288][ C0] exec_mmap+0x4eb/0x580
[ 53.588509][ C0] begin_new_exec+0x665/0xf10
[ 53.593171][ C0] load_elf_binary+0x95d/0x2820
[ 53.597999][ C0] bprm_execve+0x90e/0x1740
[ 53.602478][ C0] do_execveat_common+0x580/0x720
[ 53.607493][ C0] __x64_sys_execve+0x92/0xa0
[ 53.612144][ C0] do_syscall_64+0x41/0xc0
[ 53.616538][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.622407][ C0]
[ 53.624709][ C0] Memory state around the buggy address:
[ 53.630314][ C0] ffffc90003b4f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.638349][ C0] ffffc90003b4f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.646384][ C0] >ffffc90003b4f100: f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00
[ 53.654418][ C0] ^
[ 53.658456][ C0] ffffc90003b4f180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.666494][ C0] ffffc90003b4f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.674526][ C0] ==================================================================
[ 53.682561][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.689725][ C0] CPU: 0 PID: 5067 Comm: syz-executor421 Not tainted 6.3.0-rc3-syzkaller-00012-g17214b70a159 #0
[ 53.700104][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 53.710132][ C0] Call Trace:
[ 53.713388][ C0]
[ 53.716215][ C0] dump_stack_lvl+0x1e7/0x2d0
[ 53.720874][ C0] ? nf_tcp_handle_invalid+0x650/0x650
[ 53.726309][ C0] ? panic+0x770/0x770
[ 53.730353][ C0] ? lock_release+0xbf/0x9d0
[ 53.734922][ C0] ? vscnprintf+0x5d/0x80
[ 53.739229][ C0] panic+0x31c/0x770
[ 53.743101][ C0] ? check_panic_on_warn+0x21/0xa0
[ 53.748188][ C0] ? memcpy_page_flushcache+0x100/0x100
[ 53.753711][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 53.759592][ C0] ? _raw_spin_unlock+0x40/0x40
[ 53.764420][ C0] ? print_report+0x4fb/0x540
[ 53.769079][ C0] check_panic_on_warn+0x82/0xa0
[ 53.773997][ C0] ? profile_pc+0xa8/0xe0
[ 53.778306][ C0] end_report+0x63/0x110
[ 53.782525][ C0] kasan_report+0x183/0x1b0
[ 53.787008][ C0] ? profile_pc+0xa8/0xe0
[ 53.791316][ C0] ? scheduler_tick+0x387/0x540
[ 53.796148][ C0] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 53.802017][ C0] profile_pc+0xa8/0xe0
[ 53.806152][ C0] profile_tick+0xd8/0x130
[ 53.810547][ C0] tick_sched_timer+0x394/0x550
[ 53.815376][ C0] ? tick_setup_sched_timer+0x2e0/0x2e0
[ 53.820897][ C0] __hrtimer_run_queues+0x562/0xd10
[ 53.826079][ C0] ? hrtimer_interrupt+0x980/0x980
[ 53.831168][ C0] ? ktime_get_update_offsets_now+0x40b/0x420
[ 53.837213][ C0] hrtimer_interrupt+0x396/0x980
[ 53.842134][ C0] __sysvec_apic_timer_interrupt+0x13f/0x480
[ 53.848093][ C0] sysvec_apic_timer_interrupt+0x90/0xb0
[ 53.853707][ C0]
[ 53.856616][ C0]
[ 53.859529][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 53.865491][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[ 53.871971][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 6e fb 35 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 d3 29 b4 f6 65 8b 05 24 91 59 75 85 c0 74 3f 48 c7 04 24 0e 36
[ 53.891550][ C0] RSP: 0018:ffffc90003b4f100 EFLAGS: 00000206
[ 53.897595][ C0] RAX: da87b607d95a0c00 RBX: 1ffff92000769e24 RCX: ffffffff816a859a
[ 53.905545][ C0] RDX: dffffc0000000000 RSI: ffffffff8aea7d60 RDI: 0000000000000001
[ 53.913497][ C0] RBP: ffffc90003b4f190 R08: dffffc0000000000 R09: fffffbfff205c039
[ 53.921456][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 53.929404][ C0] R13: 1ffff92000769e20 R14: ffffc90003b4f120 R15: 0000000000000246
[ 53.937355][ C0] ? mark_lock+0x9a/0x340
[ 53.941667][ C0] ? _raw_spin_unlock+0x40/0x40
[ 53.946497][ C0] ? __mod_zone_page_state+0xda/0x140
[ 53.951847][ C0] __rmqueue_pcplist+0x1e71/0x2190
[ 53.956943][ C0] ? zone_watermark_fast+0x240/0x240
[ 53.962207][ C0] get_page_from_freelist+0x791/0x33c0
[ 53.967649][ C0] ? __might_sleep+0xc0/0xc0
[ 53.972215][ C0] ? __lock_acquire+0x125b/0x1f80
[ 53.977228][ C0] ? __alloc_pages+0x670/0x670
[ 53.981969][ C0] ? prepare_alloc_pages+0x1d9/0x5b0
[ 53.987230][ C0] __alloc_pages+0x255/0x670
[ 53.991798][ C0] ? zone_statistics+0x170/0x170
[ 53.996712][ C0] ? do_raw_spin_lock+0x14d/0x3a0
[ 54.001715][ C0] ? alloc_pages+0x510/0x780
[ 54.006285][ C0] __get_free_pages+0xc/0x30
[ 54.010851][ C0] kasan_populate_vmalloc_pte+0x2e/0xd0
[ 54.016377][ C0] ? __apply_to_page_range+0x9b3/0xcc0
[ 54.021825][ C0] __apply_to_page_range+0x9c5/0xcc0
[ 54.027090][ C0] ? kasan_populate_vmalloc+0x70/0x70
[ 54.032446][ C0] alloc_vmap_area+0x1acc/0x1c00
[ 54.037365][ C0] ? vm_map_ram+0xb30/0xb30
[ 54.041846][ C0] __get_vm_area_node+0x16e/0x370
[ 54.046869][ C0] __vmalloc_node_range+0x3a2/0x12f0
[ 54.052129][ C0] ? profile_init+0xee/0x130
[ 54.056697][ C0] ? __alloc_pages+0xbd/0x670
[ 54.061354][ C0] ? __asan_memset+0x23/0x40
[ 54.065920][ C0] ? __alloc_pages+0xbd/0x670
[ 54.070576][ C0] ? free_vm_area+0x50/0x50
[ 54.075056][ C0] ? profile_init+0xee/0x130
[ 54.079620][ C0] ? sysfs_kf_read+0x310/0x310
[ 54.084363][ C0] vzalloc+0x79/0x90
[ 54.088234][ C0] ? profile_init+0xee/0x130
[ 54.092800][ C0] profile_init+0xee/0x130
[ 54.097209][ C0] profiling_store+0x5e/0xc0
[ 54.101778][ C0] kernfs_fop_write_iter+0x3a6/0x4f0
[ 54.107044][ C0] vfs_write+0x7b2/0xbb0
[ 54.111268][ C0] ? file_end_write+0x250/0x250
[ 54.116096][ C0] ? lockdep_hardirqs_on+0x98/0x140
[ 54.121270][ C0] ? __fdget_pos+0x265/0x2f0
[ 54.125837][ C0] ksys_write+0x1a0/0x2c0
[ 54.130157][ C0] ? __ia32_sys_read+0x90/0x90
[ 54.134900][ C0] ? syscall_enter_from_user_mode+0x32/0x260
[ 54.140854][ C0] ? syscall_enter_from_user_mode+0x8c/0x260
[ 54.146820][ C0] do_syscall_64+0x41/0xc0
[ 54.151216][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.157087][ C0] RIP: 0033:0x7fd0dba31da9
[ 54.161482][ C0] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.181061][ C0] RSP: 002b:00007ffe6ddccd08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.189494][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd0dba31da9
[ 54.197448][ C0] RDX: 0000000000000012 RSI: 0000000020000040 RDI: 0000000000000003
[ 54.205397][ C0] RBP: 00007fd0db9f5cc0 R08: 0000000000000012 R09: 0000000000000000
[ 54.213349][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0db9f5d50
[ 54.221300][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 54.229263][ C0]
[ 54.232454][ C0] Kernel Offset: disabled
[ 54.236772][ C0] Rebooting in 86400 seconds..